author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2013-01-29 14:12:20 +0100 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2013-01-30 17:08:04 +0100 |
commit | 1b937c6994b16334cbec599be77c3f3917e18c8c (patch) | |
tree | 6e93fc67b02975647da67cbe718ad34efe797587 /cpukit/ftpd | |
parent | ftpfs: Fix SIZE command handling (diff) | |
ftpd: Check the root and current directory change
Only continue the session if the root and current directory change was
successful, otherwise the FTP server may access restricted file system
areas.
Diffstat (limited to 'cpukit/ftpd')
-rw-r--r-- | cpukit/ftpd/ftpd.c | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/cpukit/ftpd/ftpd.c b/cpukit/ftpd/ftpd.c index 8ffd878d2d..3b77b3bf33 100644 --- a/cpukit/ftpd/ftpd.c +++ b/cpukit/ftpd/ftpd.c @@ -1914,39 +1914,49 @@ session(rtems_task_argument arg) while(1) { rtems_event_set set; + int rv; rtems_event_receive(FTPD_RTEMS_EVENT, RTEMS_EVENT_ANY, RTEMS_NO_TIMEOUT, &set); chroot_made = chroot_made || chroot(ftpd_root) == 0; - errno = 0; + rv = chroot_made ? chdir("/") : -1; - send_reply(info, 220, FTPD_SERVER_MESSAGE); + errno = 0; - while (1) + if (rv == 0) { - char buf[FTPD_BUFSIZE]; - char *cmd, *opts, *args; + send_reply(info, 220, FTPD_SERVER_MESSAGE); - if (fgets(buf, FTPD_BUFSIZE, info->ctrl_fp) == NULL) + while (1) { - syslog(LOG_INFO, "ftpd: Connection aborted."); - break; - } + char buf[FTPD_BUFSIZE]; + char *cmd, *opts, *args; - split_command(buf, &cmd, &opts, &args); + if (fgets(buf, FTPD_BUFSIZE, info->ctrl_fp) == NULL) + { + syslog(LOG_INFO, "ftpd: Connection aborted."); + break; + } - if (!strcmp("QUIT", cmd)) - { - send_reply(info, 221, "Goodbye."); - break; - } - else - { - exec_command(info, cmd, args); + split_command(buf, &cmd, &opts, &args); + + if (!strcmp("QUIT", cmd)) + { + send_reply(info, 221, "Goodbye."); + break; + } + else + { + exec_command(info, cmd, args); + } } } + else + { + send_reply(info, 421, "Service not available, closing control connection."); + } /* Close connection and put ourselves back into the task pool. */ close_data_socket(info); @@ -1954,8 +1964,6 @@ session(rtems_task_argument arg) free(info->user); free(info->pass); task_pool_release(info); - - chdir("/"); } } |
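Review bot: The new failure branch refuses the session with 421 but leaves no trace of why: `errno = 0;` runs right after `rv` is computed and the `else` arm only calls `send_reply`, so a failed `chroot(ftpd_root)` or `chdir("/")` never reaches the log. Since this check is what keeps the server inside its root, I would record the refusal before errno is cleared, e.g. `if (rv != 0) syslog(LOG_ERR, "ftpd: root directory change failed: %s", strerror(errno));` placed ahead of `errno = 0;`. `chroot_made` is declared outside the hunk and stays true once set, so later sessions depend on `chdir("/")` alone, presumably because the chroot persists for the task; a one-line comment stating that assumption would help the next reader. session() begins and ends outside this hunk.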